

  1. /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
  2. /*
  3. * Linux Security Modules (LSM) - User space API
  4. *
  5. * Copyright (C) 2022 Casey Schaufler <casey@schaufler-ca.com>
  6. * Copyright (C) 2022 Intel Corporation
  7. */
  8. #ifndef _LINUX_LSM_H
  9. #define _LINUX_LSM_H
  10. #include <linux/stddef.h>
  11. #include <linux/types.h>
  12. #include <linux/unistd.h>
  13. /**
  14. * struct lsm_ctx - LSM context information
  15. * @id: the LSM id number, see LSM_ID_XXX
  16. * @flags: LSM specific flags
  17. * @len: length of the lsm_ctx struct, @ctx and any other data or padding
  18. * @ctx_len: the size of @ctx
  19. * @ctx: the LSM context value
  20. *
  21. * The @len field MUST be equal to the size of the lsm_ctx struct
  22. * plus any additional padding and/or data placed after @ctx.
  23. *
  24. * In all cases @ctx_len MUST be equal to the length of @ctx.
  25. * If @ctx is a string value it should be nul terminated with
  26. * @ctx_len equal to `strlen(@ctx) + 1`. Binary values are
  27. * supported.
  28. *
  29. * The @flags and @ctx fields SHOULD only be interpreted by the
  30. * LSM specified by @id; they MUST be set to zero/0 when not used.
  31. */
  32. struct lsm_ctx {
  33. __u64 id;
  34. __u64 flags;
  35. __u64 len;
  36. __u64 ctx_len;
  37. __u8 ctx[] __counted_by(ctx_len);
  38. };
  39. /*
  40. * ID tokens to identify Linux Security Modules (LSMs)
  41. *
  42. * These token values are used to uniquely identify specific LSMs
  43. * in the kernel as well as in the kernel's LSM userspace API.
  44. *
  45. * A value of zero/0 is considered undefined and should not be used
  46. * outside the kernel. Values 1-99 are reserved for potential
  47. * future use.
  48. */
  49. #define LSM_ID_UNDEF 0
  50. #define LSM_ID_CAPABILITY 100
  51. #define LSM_ID_SELINUX 101
  52. #define LSM_ID_SMACK 102
  53. #define LSM_ID_TOMOYO 103
  54. #define LSM_ID_APPARMOR 104
  55. #define LSM_ID_YAMA 105
  56. #define LSM_ID_LOADPIN 106
  57. #define LSM_ID_SAFESETID 107
  58. #define LSM_ID_LOCKDOWN 108
  59. #define LSM_ID_BPF 109
  60. #define LSM_ID_LANDLOCK 110
  61. #define LSM_ID_IMA 111
  62. #define LSM_ID_EVM 112
  63. #define LSM_ID_IPE 113
  64. /*
  65. * LSM_ATTR_XXX definitions identify different LSM attributes
  66. * which are used in the kernel's LSM userspace API. Support
  67. * for these attributes vary across the different LSMs. None
  68. * are required.
  69. *
  70. * A value of zero/0 is considered undefined and should not be used
  71. * outside the kernel. Values 1-99 are reserved for potential
  72. * future use.
  73. */
  74. #define LSM_ATTR_UNDEF 0
  75. #define LSM_ATTR_CURRENT 100
  76. #define LSM_ATTR_EXEC 101
  77. #define LSM_ATTR_FSCREATE 102
  78. #define LSM_ATTR_KEYCREATE 103
  79. #define LSM_ATTR_PREV 104
  80. #define LSM_ATTR_SOCKCREATE 105
  81. /*
  82. * LSM_FLAG_XXX definitions identify special handling instructions
  83. * for the API.
  84. */
  85. #define LSM_FLAG_SINGLE 0x0001
  86. #endif /* _LINUX_LSM_H */